offsite-backup is a block device connected via iSCSI, the Internet Small Computer Systems Interface.
Its real backing device is a zvol, a ZFS volume, residing on a FreeBSD server, on another RAID1 made out of two 2TB HDDs (which also stores the server’s root filesystem).

In this post (and the following ones…) I will show you how I did this and maybe how it performs.

Disclaimer: I have no idea what I’m doing!

I don’t know if this works well enough to have it enabled most of the time.
I don’t know if it breaks as soon as your internet is flaky.
I don’t even know if it’s secure (enough).

Please don’t blindly copy anything from the web!

Let’s get to the meat of this right away, the other parts are less interesting but will/may follow in separate posts…

Act 1 Part 1: Linux

On the Linux side we only need to install open-iscsi. Since I’m on Arch Linux (yeah yeah, hate me for it. I do it too. :c) it’s as simple as:

pacman -S open-iscsi

On Ubuntu/Debian it’s also really simple:

apt install open-iscsi

For all other distributions: I have no clue. What the actual fuck even is „Hannah Montana Linux“ and why do you use it as a daily driver?!

…uhm, after installing open-iscsi you need to edit /etc/iscsi/iscsid.conf to contain the following things (please read the examples/manpages/etc. for your distribution for more details):

/etc/iscsi/iscsid.conf

iscsid.startup = /bin/systemctl start open-iscsi.service

node.session.auth.authmethod = CHAP
node.session.auth.username = __USERNAME__
node.session.auth.password = __SECRET_PASSWORD_1__

discovery.sendtargets.auth.authmethod = CHAP
discovery.sendtargets.auth.username = __USERNAME__
discovery.sendtargets.auth.password = __SECRET_PASSWORD_2__

Line 1 (iscsid.startup) is totally optional AND probably different on distros other than Arch Linux. It allows you to open the iSCSI connection without manually starting iscsid first.
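A quick sanity check for the CHAP settings above before you connect, as an added example that is not part of the original post: it parses the key = value lines and flags placeholders left in place, a login phase without CHAP, a secret longer than the 16 characters mentioned in the ctl.conf comments, and a password shared between discovery and session. The function names and the sample values are made up for illustration.

```python
import re

# Key prefixes from the post's /etc/iscsi/iscsid.conf, one per login phase.
PHASES = {"session": "node.session.auth", "discovery": "discovery.sendtargets.auth"}
MAX_SECRET_LEN = 16  # limit quoted in the post's ctl.conf comments

# Constructed sample: session secret too long, discovery not configured yet.
SAMPLE = """\
# comment lines and blanks are ignored
node.session.auth.authmethod = CHAP
node.session.auth.username = backup
node.session.auth.password = constructed-secret-too-long
discovery.sendtargets.auth.authmethod = None
discovery.sendtargets.auth.username = __USERNAME__
discovery.sendtargets.auth.password = __SECRET_PASSWORD_2__
"""

def parse_iscsid_conf(text):
    """Return {key: value} for 'key = value' lines, skipping blanks and # comments."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit_chap(text):
    """Return findings; an empty list means both phases use CHAP with distinct secrets."""
    conf, findings, secrets = parse_iscsid_conf(text), [], {}
    for phase, prefix in PHASES.items():
        if conf.get(prefix + ".authmethod", "").upper() != "CHAP":
            findings.append(f"{phase}: authmethod is not CHAP")
        for field in ("username", "password"):
            value = conf.get(f"{prefix}.{field}", "")
            if not value:
                findings.append(f"{phase}: {field} missing")
            elif re.fullmatch(r"__\w+__", value):
                findings.append(f"{phase}: {field} is still a placeholder")
            elif field == "password" and len(value) > MAX_SECRET_LEN:
                findings.append(f"{phase}: password exceeds {MAX_SECRET_LEN} characters")
        secrets[phase] = conf.get(prefix + ".password", "")
    if secrets["session"] and secrets["session"] == secrets["discovery"]:
        findings.append("session and discovery share the same password")
    return findings

if __name__ == "__main__":
    print("\n".join("WARN " + f for f in audit_chap(SAMPLE)))
```

To check a real file, pass its contents to audit_chap(); an empty result means none of these four problems were found.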

And with that, we are done with the Linux stuff. 🎉 Yay! 🎉

Act 1 Part 2: FreeBSD

Now over to our FreeBSD server. First of all, we need to create a zvol that we want to serve over iSCSI:

zfs create -V 300G -s -b 4096 -o volmode=dev zroot/example-zvol

This creates a 300GB sparse zvol with a 4K blocksize (which is the most performant blocksize on modern disks), identifying itself like a real harddisk.
Sparse zvol means it is allowed to grow until it reaches 300GB but won’t pre-allocate that space.

Now we can configure the server, just create /etc/ctl.conf with the following content (and replace with your own values…):

/etc/ctl.conf

auth-group dag0 {
    initiator-name __INITIATIOR_NAME__ # replace with the name in /etc/iscsi/initiatorname.iscsi on your linux-host
    chap __USERNAME__ __SECRET_PASSWORD_2__ # replace with a password, up to 16 characters
}

auth-group tag0 {
    initiator-name __INITIATIOR_NAME__ # replace with the name in /etc/iscsi/initiatorname.iscsi on your linux-host
    chap __USERNAME__ __SECRET_PASSWORD_1__ # replace with a DIFFERENT password, up to 16 characters
}

# this listens on all IP addresses, you probably don't want this because
# iSCSI is unencrypted, don't use it over the big bad internet without a VPN
portal-group pg0 {
    discovery-auth-group dag0
    listen 0.0.0.0
    listen [::]
}

# the target is a bit tricky, let's split it up:
# iqn - a constant, don't change this!
# 2018-07 - year and month of "when you gained control over this target" …no idea what this is for, just set it to current date
# com.example - a FQDN of this host, in reverse domain name notation: https://en.wikipedia.org/wiki/Reverse_domain_name_notation